1. Check out our companion app, Forums for Android! Download from Google Play

Root Security bulletin for Rooted users.

Discussion in 'Android Devices' started by draconius, Sep 20, 2010.

  1. draconius

    draconius Well-Known Member
    Thread Starter

    Jul 24, 2010


  2. OMJ

    OMJ Bazinga

    Nov 27, 2009
    A little surprising that its not encrypted but really its not that big a deal. Definitely a little scary for those with exchange accounts that end up listed there though.

    I have always been very careful with installing root apps. I stick to known devs and or apps with lots positive feedback when it comes to root apps. If you go installing every root app under the sun then you are asking to get hit with something malicious.
  3. izomiac

    izomiac Active Member

    Jul 9, 2010
    I'm a little surprised that people didn't know that any "Remember my password" feature anywhere effectively stores passwords in plain text unless you enter a Master Password or similar. ("Keep me logged in" is somewhat different.) This isn't any more of an issue for Root users as normal users if there are active root exploits, since obviously a malicious app could then root an unrooted phone.

    Such features trade security for convenience, so it's a design decision that can't really be made more secure. Effective encryption can only be used if the key is kept secret, which can't be done if your phone isn't asking you for a decryption key. Encrypting then storing the key in plaintext is completely pointless.

    Even if passwords were securely stored, a malicious root app can install a rootkit. I won't go into specifics, but suffice to say at that point it's no longer "your" phone.

    Required reading for owning an electronic device:
    10 Immutable Laws of Security

    For the curious, here's a follow-up set of articles that examine how well the previous one held up from it's publication in 2000 to 2008:
    10 Immutable Laws of Security Revisited: Part 1
    10 Immutable Laws of Security Revisited: Part 2
    10 Immutable Laws of Security Revisited: Part 3

Share This Page